ICS Security in a Nutshell: Common Challenges and How Tripwire Can Help Overcome Them

Industrial control systems (ICS) first proliferated at a time when cybersecurity didn’t weigh heavily on organizations’ minds. Since then, there have been two significant developments in the industry.

First, cybersecurity has become a mission-critical concern for businesses everywhere. Second, there’s been a shift to new network technologies that improve data collection, efficiency and time-to-market.

These events have introduced new cybersecurity risk into organizations’ operational technology (OT) environments. On the one hand, the design and configuration of many industrial control systems often contradict security best practices. Many ICS are purpose-built and proprietary, which leaves them out of sync with modern cybersecurity standards.

Additionally, organizations at one point configured their ICS in a flat system, meaning each device had access to other assets. That setup might have worked 20 years ago, but nowadays in a flat system, a malware attack against one device could give cybercriminals free rein of the network.

On the other hand, ICS are no longer isolated from other assets. They are increasingly enmeshed with IT business infrastructure and devices. This IT-OT convergence multiplies the risk of their command and control functions being compromised by cyber adversaries.

So, what are organizations to do? How can they best overcome these challenges of securing their industrial control systems?

The first step to ICS security is for organizations to know what they have installed on their networks. Maintaining an accurate hardware, firmware and software inventory is paramount if they want to protect their systems from cyber attacks. The inventory of components that make up their control system must also be updated over time as new assets are added.

Organizations can initiate asset inventory by inspecting their network to identify what’s attached to it. Passive asset discovery solutions are essential to this process, as they provide accurate network topology without impacting operations within traffic-sensitive OT environments. By contrast, active scanning can disrupt an asset, impeding productivity and revenue.
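One passive approach is to build the inventory from connection logs that are already being collected. The Python below is an added example, not code from this article or from any Tripwire product; the log line format, the sample addresses and the `KNOWN` baseline are constructed assumptions, and the port numbers are the registered server ports for Modbus TCP, EtherNet/IP and SNMP.

```python
import ipaddress
import re
from collections import defaultdict

# Registered server ports for the industrial protocols this article names.
ICS_PORTS = {("TCP", 502): "Modbus TCP", ("TCP", 44818): "EtherNet/IP CIP", ("UDP", 161): "SNMP"}

# Assumed (constructed) format: "<ISO-8601 UTC> ACCEPT <TCP|UDP> <src>:<port> -> <dst>:<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ACCEPT (?P<proto>TCP|UDP) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+ -> (?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)$")

def build_inventory(lines):
    """Passively derive {ip: record} from log lines; returns (inventory, skipped)."""
    inv = defaultdict(lambda: dict(first_seen=None, last_seen=None, serves=set(), talks=set()))
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # malformed or unrelated line: count it, never guess
            continue
        ts = m["ts"]  # same-format ISO-8601 UTC strings sort chronologically
        for ip in (m["src"], m["dst"]):
            rec = inv[ip]
            rec["first_seen"] = min(ts, rec["first_seen"] or ts)
            rec["last_seen"] = max(ts, rec["last_seen"] or ts)
        name = ICS_PORTS.get((m["proto"], int(m["dport"])))
        if name:
            inv[m["dst"]]["serves"].add(name)  # destination answers on an ICS port
            inv[m["src"]]["talks"].add(name)   # source is a client of that protocol
    return dict(inv), skipped

def unknown_assets(inventory, known):
    """IPs seen in the logs that are missing from the maintained inventory."""
    return sorted(set(inventory) - set(known), key=ipaddress.ip_address)

SAMPLE_LOG = [  # constructed sample data, not real traffic
    "2018-06-01T08:00:01Z ACCEPT TCP 10.10.1.20:49152 -> 10.10.2.5:502",
    "2018-06-01T08:00:03Z ACCEPT TCP 10.10.1.20:49153 -> 10.10.2.6:44818",
    "2018-06-01T08:00:07Z ACCEPT UDP 10.10.1.30:40000 -> 10.10.2.5:161",
    "garbled line from a rotated file",
    "2018-06-01T09:15:42Z ACCEPT TCP 10.10.9.77:51000 -> 10.10.2.5:502",
]
KNOWN = {"10.10.1.20", "10.10.1.30", "10.10.2.5", "10.10.2.6"}  # constructed baseline

if __name__ == "__main__":
    inv, skipped = build_inventory(SAMPLE_LOG)
    print("not in inventory:", unknown_assets(inv, KNOWN), "| skipped lines:", skipped)
```

Because it only reads logs, this adds no traffic to the control network; an address that appears in the output but not in the baseline is a prompt to update the inventory or investigate.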

During this process, it’s important to remember that attacks on ICS grow more inventive by the day. Organizations need to take an aggressive, proactive approach to outpace these threats. That being said, organizations should start prioritizing and managing vulnerabilities on the network once they’ve segmented it according to their unique business needs and discovered all assets.

Vulnerabilities affecting industrial control systems can stem from components, third-party hardware and software, industrial routers and IoT devices. These flaws affecting both hardware and software systems often go undetected, providing an easy entry point for hackers.

From there, attackers can exploit known vulnerabilities by injecting malware. A 2017 report from Kaspersky Lab found that 40 percent of all energy-sector ICS were attacked by malware at least once, with other major ICS industries following close behind.

As organizations work towards ICS security, Tripwire can help with both asset discovery and vulnerability management. Tripwire Log Center, for example, is a powerful aggregation tool with built-in intelligence that inspects logs for devices and IP addresses. It discovers assets passively through log data without interfering with plant performance.

Tripwire also offers Data Collector, a feature of Tripwire Enterprise that helps securely configure assets by scanning the network for devices and bringing them into an inventory. Tripwire Data Collector speaks legacy native industrial protocols like Modbus TCP, EtherNet/IP CIP and SNMP; integrates with Rockwell AssetCentre, MDT AutoSave and Kepware; reduces manual effort to summarize policy and compliance efforts; minimizes downtime of ICS networks by quickly alerting for unwanted change; and enables vulnerability risk scoring. All of this takes place on various segments of the industrial network before reporting back to a centralized Tripwire Enterprise management console.

To help organizations even further with their ICS security, Joseph Blankenship of Forrester Research and I will be hosting a webinar on the topic of “Defending Critical Infrastructure against Cyber Attacks.” We’ll discuss the details of some recent attack campaigns, identify why traditional IT security approaches fail to adequately protect ICS and recommend some effective defense strategies.

I hope you’ll join us on Wednesday, June 20 at 11:00 PST. You can register for the upcoming webinar here.